[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 12 Dec 2022 20:00:45 UTC

--- Comment #20 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to amendlik from comment #19)
Correct. This bypasses the GSSAPI code in sshd forcing it to rely on PAM
entirely. I tested this here using my MIT KRB5 using pam_krb5 port
(security/pam_krb5) built against security/krb5 (MIT KRB5 port).

I don't need to do this in production because the Heimdal code in sshd works
well with my MIT KRB5 KDC and its slaves. pam_krb5 in base also works well with

Your problem is not reproduceable with MIT KRB5, suggesting that FreeIPA have
customized or altered their MIT KRB5 in some way to be incompatible with

You are receiving this mail because:
You are the assignee for the bug.